This policy may be updated from time to time, so please ensure you check it regularly.
This policy describes how personal data must be collected, handled and stored in order to remain compliant the General Data Protection Regulations (GDPR).
What is covered by this Policy?
The Company takes your personal data seriously.
- defines the types of personal data that we collect about you
- details how and why we collect and use your personal data
- defines the legal basis we have for using your personal data
- details the different rights and choices you have when it comes to your personal data; and
- details how we may contact you and how you can contact us.
- defines our breach notification process
- details our complaints & breach procedure
- details who we share your data with
- details how long we keep your personal data for
- details the process when direct contact is made with us
Personal data collected by The Company
The Company may collect and process personal data (information that can be uniquely identified with you) about you when you apply to one of our job advertisements:
- directly for an advertised role via our website
- when you apply to be a candidate for whom we can facilitate a job search
- via a third party when you respond to a job post placed by The Company on a job board on behalf of a third-party client
We will hold your email address for marketing purposes if you opted in to receive email marketing communication, participated in a partnered event, connected with one of our employees on LinkedIn or are a member of a group to which they also belong, provided us with your business card, or had another prior connection, correspondence or relationship with us.
The Company takes all reasonable steps to ensure that appropriate measures are carried out in order to safeguard the information we collect from you and to protect against unlawful access and accidental loss or damage.
This may include (as necessary):
- protecting our data and computer servers with firewalls
- locating data processing storage facilities in secure locations
- encrypting all data stored on our server that encrypts the data between your computer and our server
- disposing of or deleting your data securely
- regularly performing data backups
Whilst The Company does not store or request financial information from candidates, we do store highly personal information contained within your Curriculum Vitae (CV). We are aware of our responsibility to protect your information and to only share details with third parties upon receipt of your explicit consent. All our systems are password protected and only authorised users have access to the personal information stored in our systems.
The Company’s use of your data
When you register with The Company or subscribe to our mailing list you provide your consent to our collecting and storing your personal information. You will be unable to submit your enquiry or details to The Company without consenting to our storing your personal data. This may include, but is not restricted to, your name; contact information; address; employment history; mobility and education
During telephone conversations and in-person interviews we may collect personal information with regard to employment preferences, strengths and work experience, all of which may be stored on your personal record. This information facilitates our ability to support your career search and to provide a basis for recommendation when introducing candidates to clients for a particular role.
By explicitly providing consent when you register with The Company you are providing permission for our storage of this information. The Company will never share personal information or a Curriculum Vitae (CV) with a third party without your explicit consent.
Due to the nature of commercial recruitment and staffing, a significant number of candidates reconnect with our organisation periodically when they are interested in a new opportunity. It is not uncommon for this to occur years after we have placed them in a client role. For this reason, your consent includes explicit consent to retain your personal details until you wish us to delete your records from our database or refrain from further engagement.
If you do not consent to The Company storing your personal data or setting up a personal profile for you, please do not submit your Curriculum Vitae (CV) for any roles advertised on our website.
We are unable to process your application without receipt of consent to process and store your personal information.
We may on occasion contact candidates stored in our database who are not actively looking for new employment. By providing consent to our storage of your personal data you are also providing consent for The Company to contact you if we receive details of a role which specifically matches your career goals.
We will do this only where you meet a detailed job description provided by one of our clients, and where you have provided explicit consent to our storing and using your data.
The Company’s retention of your data
The Company will only retain your information for as long as is necessary for us to use your information as described above or to comply with legal obligations.
However, The Company may retain some of your information after you cease to use our services, if we believe in good faith that it is necessary to meet our legal obligations, such as retaining the information for tax and accounting purposes.
When determining the relevant retention periods in each case, we will consider factors including:
(a) The Company’s contractual obligations and rights in relation to the information involved;
(b) legal obligation(s) under applicable law to retain data for a defined period of time;
(c) statute of limitations under applicable law(s);
(d) in case of disputes;
(e) if you have made a request to have your information deleted; and
(f) guidelines issued by relevant data protection authorities.
In all other cases, we securely erase your information once this is no longer needed.
To unsubscribe from any of The Company’s mailing lists or for removal from email marketing platforms at any time please email email@example.com.
Sharing of your data
The Company will never share our candidates’ personal details or Curriculum Vitae (CV) with a third party without the candidate’s explicit permission.
The Company’s legal basis for using your information
For prospective candidates, contractors, referees and clients, our processing is necessary for our legitimate interests – The Company needs this information in order to be able to assess suitability for potential client roles, to find potential candidates and to contact clients and referees and suppliers.
If you are interviewed and submitted as a candidate, then this may involve the processing of more detailed personal data including sensitive data such as health information that you or others provide about you. In that case we always ask for your consent before undertaking such processing.
Contacting The Company directly
If you contact one of our consultants or employees directly and request they consult with you regarding your career search, or regarding a particular job role, you are giving your consent to The Company’s processing your email and the data contained within your email for lawful purposes, as per the clauses listed above.
By sending a copy of your Curriculum Vitae (CV) directly to a The Company employee you are giving consent to The Company’s processing and storing that information.
Your data rights
Under law, you have a number of rights when it comes to your personal data.
Further information and advice about these rights is available at https://www.eugdpr.org/
1.The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how The Company uses your information and your rights. That is the purpose of the information contained in this Policy.
2.The right of access
If you would like to request for access to your personal information, please contact: firstname.lastname@example.org.
or by writing to:
GDPR Compliance Officer
3.The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
4.The right to erasure
You are entitled to request the deletion or removal of your information where there is no legitimate reason for The Company to continue using it. This is not a general right to erasure and there are some exceptions.
5.The right to restrict processing
You have rights to restrict, block or limit further use of your information. When processing is restricted, The Company may still store your information but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
- Request for personal data to be removed or deleted
You have the right to be deleted from The Company’s systems. Upon receipt of a request to delete your personal information, The Company will ensure that your personal record is deleted within 30 days.
Where The Company has placed a candidate in a client role, The Company is required to retain evidence of that placement so that contractual obligations can be met by the client. The Company will however take steps to ensure only minimal personal data is retained and will not make further contact with the candidate.
Where The Company has previously received permission to share personal information with a third party, for example submitted a candidate’s CV for a role, we agree to advise that third party of your wish to be forgotten if communication has taken place within the last twelve months. Should you wish to be deleted from The Company’s database, please contact email@example.com. clearly stating your request.
The Company typically acts on all data and information requests free of charge, but may charge a reasonable fee to cover administrative costs of providing the information for:
- excessive/repeated requests, or
- repeated or multiple copies of the same information
There may be instances where The Company may be entitled to refuse to act on the request.
In all instances The Company will endeavour to act as promptly as possible, typically within one month from receipt of any request. If the request will take longer to process, The Company will advise accordingly.
Notifications of data breach
If personal data we hold about you is subject to a breach or unauthorised disclosure or access, The Company will report this to the Information Commissioner’s Office (ICO).
If any breach creates a risk to your data rights and freedoms, we will notify you as soon as possible.
- Internet Explorer
- Google Chrome
- Mozilla Firefox
- Apple Safari
If you have a complaint about the way your data is stored or managed by Colsby, please contact us at:
If you wish to escalate your complaint or are not satisfied with how your complaint is handled by Colsby, you can make a formal complaint to the Information Commissioner’s Office (ICO) via http://www.ico.org.uk/
or by writing to:
Information Commissioner’s Office (ICO)